No system restore.Antivirus pop ups & desktop tray pop ups

**wisenheimer** · 2006-08-13, 16:00

2006-08-12 08:46 48,190 C:\RDFX4.exe
2006-08-12 08:46 232,749 C:\WINDOWS\pf78.exe
2006-08-11 23:47 75,776 C:\uoytnq.exe
2006-08-11 23:46 160,800 C:\WINDOWS\system32Fastmp3_Setup1.exe
2006-08-11 23:46 16,384 C:\WINDOWS\system32\loadadv559.exe
2006-08-11 23:46 138,808 C:\WINDOWS\system32\clbcatq.exe
2006-08-11 11:58 49,250 C:\WINDOWS\system32\javaw.exe
2006-08-11 11:58 49,248 C:\WINDOWS\system32\java.exe
2006-08-11 11:58 127,078 C:\WINDOWS\system32\javaws.exe
2006-08-09 09:30 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-08-04 19:55 266,360 C:\WINDOWS\system32\TweakUI.exe
2006-08-04 13:06 402,653,184 C:\pagefile.sys
2006-07-29 19:00 0 C:\loaded.exe
2006-07-29 15:37 70,656 C:\WINDOWS\system32\btpanuib.dll
2006-07-29 15:37 69,632 C:\WINDOWS\system32\compstuid.dll
2006-07-29 10:01 0 C:\WINDOWS\system32cymmh.exe
2006-07-29 10:00 433 C:\WINDOWS\yupvr.dll
2006-07-29 08:52 176,128 C:\WINDOWS\system32\pgqbwa.dll
2006-07-24 11:50 178 C:\WINDOWS\system32\del32.bat
2006-07-07 15:55 195,584 C:\WINDOWS\system32\XVoice.dll
2006-07-07 15:55 190,464 C:\WINDOWS\system32\landplot.dll
2006-07-07 15:55 173,056 C:\WINDOWS\system32\Vtext.dll
2006-07-05 13:52 25 C:\WINDOWS\SW_Win2000X48.DLL

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Optimum Online"="C:\\Program Files\\Optimum Online\\Netsurf.exe -tray"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124339193\\ee\\AOLSoftware.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32
\\NvCpl.dll,NvStartup"
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"isvea6c6"="RUNDLL32.EXE w005b7de.dll,n 002ea6c400000003005b7de"
"73305db.exe"="C:\\WINDOWS\\system32\\73305db.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"73305db.exe"="C:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\73305db.exe"
"Windows installer"="C:\\winstall.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.punkvoter.com/images/ftr/punkvoterbnr.gif"
"SubscribedURL"="http://www.punkvoter.com/images/ftr/punkvoterbnr.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,e0,01,00,00,3c,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,e0,01,00,00,3c,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://newyork.mets.mlb.com/images/players/action/ph_120536.jpg"
"SubscribedURL"="http://newyork.mets.mlb.com/images/players/action/ph_120536.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,61,02,00,00,b3,01,00,00,bf,00,00,00,87,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ee,02,00,00,3d,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,38,8c,c0,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\10]
"Source"="http://atlanta.braves.mlb.com/images/players/action/ph_116662.jpg"
"SubscribedURL"="http://atlanta.braves.mlb.com/images/players/action/ph_116662.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cf,01,00,00,d3,01,00,00,bf,00,00,00,87,00,00,00,fc,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,12,01,00,00,19,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,a0,81,e1,04

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\11]
"Source"="http://sanfrancisco.giants.mlb.com/images/players/action/ph_111188.jpg"
"SubscribedURL"="http://sanfrancisco.giants.mlb.com/images/players/action/ph_111188.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,16,01,00,00,d6,01,00,00,bf,00,00,00,87,00,00,00,fe,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,2b,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,b2,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,90,12,a6,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\12]
"Source"="http://www.newyorkjets.com/roster/view_bio_photo.php?id=65"
"SubscribedURL"="http://www.newyorkjets.com/roster/view_bio_photo.php?id=65"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,dc,02,00,00,4f,01,00,00,6e,00,00,00,7b,00,00,00,00,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,dc,02,00,00,4f,01,00,00,6e,00,00,00,7b,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9d,02,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,c0,39,bc,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\13]
"Source"="http://assets.sportvision.com/falcons/assets/images/1952.jpg"
"SubscribedURL"="http://assets.sportvision.com/falcons/assets/images/1952.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,dc,01,00,00,59,00,00,00,8c,00,00,00,9a,00,00,00,02,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,dc,01,00,00,59,00,00,00,8c,00,00,00,9a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,08,e0,c1,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\14]
"Source"="http://www.kcchiefs.com/images/HOLMESpriest2002.jpg"
"SubscribedURL"="http://www.kcchiefs.com/images/HOLMESpriest2002.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,dc,00,00,00,59,00,00,00,73,00,00,00,ac,00,00,00,04,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,dc,00,00,00,59,00,00,00,73,00,00,00,ac,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,38,50,20,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\15]
"Source"="http://www.nba.com/media/act_jermaine_oneal.jpg"
"SubscribedURL"="http://www.nba.com/media/act_jermaine_oneal.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,ca,01,00,00,6b,00,00,00,8c,00,00,00,dc,00,00,00,06,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ca,01,00,00,6b,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,e0,4a,3f,06

**wisenheimer** · 2006-08-13, 16:01

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\16]
"Source"="http://www.nba.com/media/act_allan_houston.jpg"
"SubscribedURL"="http://www.nba.com/media/act_allan_houston.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,b8,01,00,00,7d,00,00,00,8c,00,00,00,dc,00,00,00,08,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,b8,01,00,00,7d,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,48,e8,56,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\17]
"Source"="http://www.nba.com/media/act_doug_christie.jpg"
"SubscribedURL"="http://www.nba.com/media/act_doug_christie.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,fd,ff,ff,ff,07,02,00,00,6f,00,00,00,dc,00,00,00,0a,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,b8,00,00,00,73,01,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,e1,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,20,69,57,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\18]
"Source"="http://www.nba.com/media/act_kevin_garnett.jpg"
"SubscribedURL"="http://www.nba.com/media/act_kevin_garnett.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,f4,ff,ff,ff,2b,01,00,00,7b,00,00,00,dc,00,00,00,0c,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ca,00,00,00,61,01,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,18,80,c4,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\19]
"Source"="http://www.nba.com/media/act_allen_iverson.jpg"
"SubscribedURL"="http://www.nba.com/media/act_allen_iverson.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,4f,00,00,00,71,00,00,00,dc,00,00,00,0e,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,b8,00,00,00,7d,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,83,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,70,70,d3,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="http://detroit.tigers.mlb.com/images/players/action/ph_121358.jpg"
"SubscribedURL"="http://detroit.tigers.mlb.com/images/players/action/ph_121358.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cc,01,00,00,b3,01,00,00,bf,00,00,00,87,00,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ee,01,00,00,3d,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,08,53,b7,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\20]
"Source"="http://www.nba.com/media/act_shaquille_oneal.jpg"
"SubscribedURL"="http://www.nba.com/media/act_shaquille_oneal.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6e,00,00,00,83,01,00,00,aa,00,00,00,dc,00,00,00,10,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ca,00,00,00,6b,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,09,07,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,70,da,cb,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\21]
"Source"="http://www.nba.com/media/mediacentralns/2004Draft_Okafor_Emeka.jpg"
"SubscribedURL"="http://www.nba.com/media/mediacentralns/2004Draft_Okafor_Emeka.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,74,02,00,00,77,01,00,00,41,00,00,00,5a,00,00,00,12,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,dc,00,00,00,4f,01,00,00,41,00,00,00,5a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,61,04,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,30,1f,28,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\22]
"Source"="http://www.nba.com/media/mediacentralns/2004Draft_Flores_Luis.jpg"
"SubscribedURL"="http://www.nba.com/media/mediacentralns/2004Draft_Flores_Luis.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,62,02,00,00,1b,01,00,00,41,00,00,00,5a,00,00,00,14,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,a6,01,00,00,85,01,00,00,41,00,00,00,5a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,e1,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,b0,50,3b,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\23]
"Source"="http://www.nba.com/media/mediacentralns/2004Draft_Gordon_Ben.jpg"
"SubscribedURL"="http://www.nba.com/media/mediacentralns/2004Draft_Gordon_Ben.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6a,01,00,00,9a,00,00,00,41,00,00,00,5a,00,00,00,16,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a6,00,00,00,8f,00,00,00,41,00,00,00,5a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,e1,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,50,c2,3d,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\24]
"Source"="http://www.philadelphiaeagles.com/uploads/photos/perm/main/BNFDODEPMKAF/mcnabb_donovan_04.jpg"
"SubscribedURL"="http://www.philadelphiaeagles.com/uploads/photos/perm/main/BNFDODEPMKAF/mcnabb_donovan_04.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,dd,01,00,00,4f,01,00,00,8c,00,00,00,a5,00,00,00,18,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,dc,01,00,00,4f,01,00,00,8c,00,00,00,a5,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,d3,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,28,8f,d7,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\25]
"Source"="http://www.nba.com/media/act_steve_francis.jpg"
"SubscribedURL"="http://www.nba.com/media/act_steve_francis.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,5f,00,00,00,01,01,00,00,8c,00,00,00,dc,00,00,00,1a,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,b8,01,00,00,73,01,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,f8,58,3b,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\26]
"Source"="http://www.nba.com/media/act_kenyon_martin.jpg"
"SubscribedURL"="http://www.nba.com/media/act_kenyon_martin.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,71,00,00,00,9b,00,00,00,98,00,00,00,e6,00,00,00,1c,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ca,02,00,00,6b,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,61,04,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,f0,df,bb,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\27]
"Source"="http://www.nba.com/media/act_tim_duncan.jpg"
"SubscribedURL"="http://www.nba.com/media/act_tim_duncan.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,44,01,00,00,ec,00,00,00,8c,00,00,00,dc,00,00,00,1e,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,a6,02,00,00,8f,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,e3,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,30,00,5e,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\28]
"Source"="http://www.nba.com/media/act_jason_kidd.jpg"
"SubscribedURL"="http://www.nba.com/media/act_jason_kidd.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,7c,01,00,00,02,01,00,00,8c,00,00,00,dc,00,00,00,20,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,b8,02,00,00,7d,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,68,8c,5c,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\29]
"Source"="http://www.nba.com/media/act_baron_davis.jpg"
"SubscribedURL"="http://www.nba.com/media/act_baron_davis.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cf,01,00,00,5d,01,00,00,8c,00,00,00,dc,00,00,00,22,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,b8,02,00,00,73,01,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,38,c4,4c,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="http://arizona.diamondbacks.mlb.com/images/players/action/ph_116615.jpg"
"SubscribedURL"="http://arizona.diamondbacks.mlb.com/images/players/action/ph_116615.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,09,01,00,00,b3,01,00,00,bf,00,00,00,87,00,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,00,02,00,00,2b,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,64,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,70,b0,ae,06

**wisenheimer** · 2006-08-13, 16:01

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\30]
"Source"="http://www.nba.com/media/act_tracy_mcgrady.jpg"
"SubscribedURL"="http://www.nba.com/media/act_tracy_mcgrady.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,97,01,00,00,7f,01,00,00,8c,00,00,00,dc,00,00,00,24,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ca,02,00,00,61,01,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,f0,4c,ce,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\31]
"Source"="http://www.nba.com/media/act_kobe_bryant.jpg"
"SubscribedURL"="http://www.nba.com/media/act_kobe_bryant.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,b8,01,00,00,f6,00,00,00,8c,00,00,00,dc,00,00,00,26,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ca,01,00,00,61,01,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,49,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,d8,27,2a,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\32]
"Source"="http://www.nba.com/media/act_ray_allen.jpg"
"SubscribedURL"="http://www.nba.com/media/act_ray_allen.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,94,02,00,00,0d,01,00,00,8c,00,00,00,c3,00,00,00,28,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a6,02,00,00,85,01,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,e1,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,58,40,5a,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\33]
"Source"="http://newyork.yankees.mlb.com/images/players/action/ph_120691.jpg"
"SubscribedURL"="http://newyork.yankees.mlb.com/images/players/action/ph_120691.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,44,02,00,00,54,01,00,00,bd,00,00,00,7e,00,00,00,2a,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,a6,00,00,00,85,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,1c,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,80,12,64,04

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\34]
"Source"="http://newyork.yankees.mlb.com/images/players/action/ph_114739.jpg"
"SubscribedURL"="http://newyork.yankees.mlb.com/images/players/action/ph_114739.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,ff,02,00,00,55,01,00,00,b8,00,00,00,7e,00,00,00,2c,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,94,02,00,00,a1,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,1c,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,28,c0,16,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\35]
"Source"="http://newyork.yankees.mlb.com/images/players/action/ph_121250.jpg"
"SubscribedURL"="http://newyork.yankees.mlb.com/images/players/action/ph_121250.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,dd,02,00,00,7b,00,00,00,bf,00,00,00,87,00,00,00,2e,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\36]
"Source"="http://newyork.yankees.mlb.com/images/players/action/ph_122111.jpg"
"SubscribedURL"="http://newyork.yankees.mlb.com/images/players/action/ph_122111.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,5a,02,00,00,50,00,00,00,bf,00,00,00,87,00,00,00,30,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,19,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,52,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,18,f6,db,04

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\37]
"Source"="http://newyork.yankees.mlb.com/images/players/action/ph_116539.jpg"
"SubscribedURL"="http://newyork.yankees.mlb.com/images/players/action/ph_116539.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,ce,01,00,00,38,00,00,00,bf,00,00,00,87,00,00,00,32,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,12,01,00,00,23,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,52,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,90,93,92,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\38]
"Source"="http://minnesota.twins.mlb.com/images/players/action/ph_116338.jpg"
"SubscribedURL"="http://minnesota.twins.mlb.com/images/players/action/ph_116338.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,2c,01,00,00,34,00,00,00,bf,00,00,00,87,00,00,00,34,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ee,00,00,00,47,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,8e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,08,53,b7,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\39]
"Source"="http://boston.redsox.mlb.com/images/players/action/ph_120903.jpg"
"SubscribedURL"="http://boston.redsox.mlb.com/images/players/action/ph_120903.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,67,00,00,00,21,00,00,00,b7,00,00,00,87,00,00,00,36,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ee,01,00,00,47,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,00,a2,b2,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="http://chicago.cubs.mlb.com/images/players/action/ph_122544.jpg"
"SubscribedURL"="http://chicago.cubs.mlb.com/images/players/action/ph_122544.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,53,00,00,00,b3,01,00,00,bf,00,00,00,87,00,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,03,00,00,2b,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,a0,09,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,e8,87,d8,04

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\40]
"Source"="http://www.nba.com/media/act_vince_carter.jpg"
"SubscribedURL"="http://www.nba.com/media/act_vince_carter.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,05,01,00,00,27,01,00,00,9a,00,00,00,f9,00,00,00,38,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,a6,01,00,00,8f,00,00,00,8c,00,00,00,dc,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,e1,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,40,84,1b,08

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\41]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,3a,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
"Source"="http://newyork.yankees.mlb.com/images/players/action/ph_121347.jpg"
"SubscribedURL"="http://newyork.yankees.mlb.com/images/players/action/ph_121347.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,61,02,00,00,85,00,00,00,bf,00,00,00,87,00,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,dc,02,00,00,59,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,88,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,98,8f,b3,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
"Source"="http://chicago.whitesox.mlb.com/images/players/action/ph_123245.jpg"
"SubscribedURL"="http://chicago.whitesox.mlb.com/images/players/action/ph_123245.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,80,02,00,00,87,00,00,00,bf,00,00,00,87,00,00,00,f4,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ee,00,00,00,3d,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,8e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,98,8f,b3,06

**wisenheimer** · 2006-08-13, 16:02

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]
"Source"="http://tampabay.devilrays.mlb.com/images/players/action/ph_408307.jpg"
"SubscribedURL"="http://tampabay.devilrays.mlb.com/images/players/action/ph_408307.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,c3,01,00,00,85,00,00,00,bf,00,00,00,87,00,00,00,f6,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,02,00,00,35,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,63,03,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,a0,87,a7,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]
"Source"="http://stlouis.cardinals.mlb.com/images/players/action/ph_405395.jpg"
"SubscribedURL"="http://stlouis.cardinals.mlb.com/images/players/action/ph_405395.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,61,02,00,00,b3,01,00,00,bf,00,00,00,87,00,00,00,f8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,03,00,00,35,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9d,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,40,68,23,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\9]
"Source"="http://florida.marlins.mlb.com/images/players/action/ph_334393.jpg"
"SubscribedURL"="http://florida.marlins.mlb.com/images/players/action/ph_334393.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,89,02,00,00,d4,01,00,00,bf,00,00,00,87,00,00,00,fa,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ee,02,00,00,47,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,18,d7,e7,04

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"="NSIS Media Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alexis^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\Alexis\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Forget Me Not.lnk"
"backup"="C:\\WINDOWS\\pss\\Forget Me Not.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BRODER~1\\AGCREA~1\\AGRemind.exe "
"item"="Forget Me Not"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\11489~1.276\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:_Program Files_WordPerfe3a]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CorUpd"
"hkey"="HKCU"
"command"="C:\\Program Files\\WordPerfect Office 11\\Programs\\CorUpd.exe /Watch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:_PROGRA~1_WORDPE~1_Progr28]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CorUpd"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\WORDPE~1\\Programs\\CorUpd.exe /Watch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DesktopWeather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPClientMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GPClientMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\GalleryPlayer\\Player\\GPClientMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPDownloadManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GPDownloadManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\GalleryPlayer\\Player\\GPDownloadManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pscan"
"hkey"="HKCU"
"command"="C:\\Program Files\\Privacy Champion\\pscan.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)
DisableTaskMgr REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)
Wallpaper REG_SZ !"$%&$#!%&$#!$#%!&$#&%!$#%$"!DF!CXY!DWCER"!

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ (HOME-Matt).job

Completion time: Sun 08/13/2006 8:57:31.79
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-11.211509.txt
ComboFix.2006-08-13.073636.txt

**wisenheimer** · 2006-08-13, 16:02

McAfee AVERT Stinger Version 2.6.0. built on Apr 5 2006

Copyright (C) 2005 Networks Associates Technology, Inc. All Rights Reserved.

Virus data file v1000 created on Feb 2 2006.

Ready to scan for 55 viruses, trojans and variants.

Scan initiated on Sun Aug 13 09:00:35 2006

Number of clean files: 236213

**LonnyRJones** · 2006-08-14, 02:07

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

Code:

REGEDIT4
;
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] 
"Wallpaper"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alexis^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"73305db.exe"=-
"Windows installer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"isvea6c6"=-
"73305db.exe"=-
"UserFaultCheck"=-
"KernelFaultCheck"=-

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Restart your PC.

Set windows to show hidden extensions file's and folder's.
click for> instructions.

Delete these folders
C:\Program Files\Common Files\{B4B02FDF-095A-1033-0721-030718030001}
C:\\Program Files\\Privacy Champion
C:\Program Files\Common Files\kqmw
C:\Program Files\SpySheriff

Delete each of these files at only these locations
C:\Documents and Settings\Matt\Application Data\Install.dat
C:\loaded.exe
C:\WINDOWS\system32cymmh.exe
C:\WINDOWS\yupvr.dll
C:\WINDOWS\system32\pgqbwa.dll
C:\RDFX4.exe
C:\WINDOWS\pf78.exe
C:\uoytnq.exe
C:\WINDOWS\system32Fastmp3_Setup1.exe
C:\WINDOWS\system32\loadadv559.exe
C:\WINDOWS\system32\clbcatq.exe
C:\WINDOWS\ssqbn.exe
C:\winstall.exe
C:\abeb.exe
C:\WINDOWS\system32\test.exe
C:\WINDOWS\system32\73305db.exe
mention it if there were any problems

============================

go here and submit these files, let us know what was detected ?
C:\WINDOWS\system32\isvea6c6.dll
C:\WINDOWS\system32\isvea6c6.sys

http://www.virustotal.com/flash/index_en.html

Post a fresh hijackthis log please, be sure to mention any current problems.
Post a fresh Hijackthis log

**wisenheimer** · 2006-08-14, 15:10

Okay no problems with fixme.reg or deleting the files and folders.

http://www.virustotal.com/vt/en/resu...1430407815247f

http://www.virustotal.com/vt/en/resu...ef63e857e1c175

**wisenheimer** · 2006-08-14, 15:12

STATUS: FINISHEDComplete scanning result of "isvea6c6.dll", received in VirusTotal at 08.14.2006, 14:51:41 (CET).

AntiVir 6.35.1.0 08.14.2006 no virus found
Authentium 4.93.8 08.13.2006 no virus found
Avast 4.7.844.0 08.14.2006 no virus found
AVG 386 08.14.2006 Downloader.Generic2.KAW
BitDefender 7.2 08.14.2006 no virus found
CAT-QuickHeal 8.00 08.14.2006 no virus found
ClamAV devel-20060426 08.14.2006 no virus found
DrWeb 4.33 08.14.2006 Trojan.DownLoader.12021
eTrust-InoculateIT 23.72.94 08.14.2006 no virus found
eTrust-Vet 30.3.3019 08.14.2006 no virus found
Ewido 4.0 08.13.2006 no virus found
Fortinet 2.77.0.0 08.13.2006 W32/AXF!tr.dldr
F-Prot 3.16f 08.13.2006 no virus found
F-Prot4 4.2.1.29 08.13.2006 no virus found
Ikarus 0.2.65.0 08.14.2006 no virus found
Kaspersky 4.0.2.24 08.14.2006 no virus found
McAfee 4828 08.13.2006 Downloader-AXF
Microsoft 1.1560 08.14.2006 no virus found
NOD32v2 1.1705 08.14.2006 no virus found
Norman 5.90.23 08.14.2006 W32/DLoader.ALXF
Panda 9.0.0.4 08.14.2006 Trj/Downloader.JXQ
Sophos 4.08.0 08.14.2006 no virus found

Symantec 8.0 08.14.2006 Downloader
TheHacker 5.9.8.192 08.14.2006 no virus found
UNA 1.83 08.11.2006 no virus found
VBA32 3.11.0 08.13.2006 no virus found
VirusBuster 4.3.7:9 08.13.2006 no virus found

**wisenheimer** · 2006-08-14, 15:13

No viruses found for isvea6c6.sys

**wisenheimer** · 2006-08-14, 15:14

Logfile of HijackThis v1.99.1
Scan saved at 9:14:12 AM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\AOL\1124339193\ee\AOLSoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1124339193\ee\aexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.optonline.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.238.43.125:8100
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Optimum Online Toolbar - {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - C:\Program Files\OptimumOnline\insptbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124339193\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {BA685A19-A28D-4241-B68A-FDE428C7B44E} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {C4AE95E6-4EE4-6B4F-A12B-EAAA3858187F} (MNPerformer Class) - http://art.towerrecords.com/performe...ormerSetup.cab
O16 - DPF: {DAEB8818-608B-40D2-8AD6-193753623CEB} - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: msdtcuiu.exe - Unknown owner - C:\WINDOWS\system32\msdtcuiu.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Thread: No system restore.Antivirus pop ups & desktop tray pop ups

Thread Tools

Display

Posting Permissions